author | Ermal Luçi <ermal.luci@gmail.com> | 2012-08-02 07:45:52 -0700 |
---|---|---|
committer | Ermal Luçi <ermal.luci@gmail.com> | 2012-08-02 07:45:52 -0700 |
commit | 919d450395b1cc5f7267c40f7ccc4c64fc27a749 (patch) | |
tree | 9776f0696812be07c8acc3257bb5502ba165e68f | |
parent | bc8a1938f5c1797213bf849f2bdb88bca72d5089 (diff) | |
parent | 342a2f18f9d39368e0bdafecea4dba29bddce8b6 (diff) | |
Merge pull request #201 from phil-davis/master
Bogons updated - make sure conf_mount_rw and conf_mount_ro are matched
-rwxr-xr-x | etc/rc.update_bogons.sh | 45 |
1 files changed, 27 insertions, 18 deletions
diff --git a/etc/rc.update_bogons.sh b/etc/rc.update_bogons.sh index 29a77ee..a721096 100755 --- a/etc/rc.update_bogons.sh +++ b/etc/rc.update_bogons.sh @@ -6,7 +6,7 @@ echo "rc.update_bogons.sh is starting up." | logger -# Sleep for that time, unless an argument is specified. +# Sleep for some time, unless an argument is specified. if [ "$1" = "" ]; then # Grab a random value @@ -17,9 +17,6 @@ fi echo "rc.update_bogons.sh is beginning the update cycle." | logger -# Mount RW if needed -/etc/rc.conf_mount_rw - /usr/bin/fetch -q -o /tmp/bogons "http://files.pfsense.org/mirrors/bogon-bn-nonagg.txt" /usr/bin/fetch -q -o /tmp/bogonsv6 "http://files.pfsense.org/mirrors/fullbogons-ipv6.txt" if [ ! -f /tmp/bogons ]; then 
@@ -37,33 +34,45 @@ if [ "$dl_error" != "" ];then exit fi -BOGON_MD5=`/usr/bin/fetch -q -o - "http://files.pfsense.org/mirrors/bogon-bn-nonagg.txt.md5" | awk '{ print $4 }'` -ON_DISK_MD5=`md5 /tmp/bogons | awk '{ print $4 }'` -if [ "$BOGON_MD5" = "$ON_DISK_MD5" ]; then +BOGON_V4_MD5=`/usr/bin/fetch -q -o - "http://files.pfsense.org/mirrors/bogon-bn-nonagg.txt.md5" | awk '{ print $4 }'` +ON_DISK_V4_MD5=`md5 /tmp/bogons | awk '{ print $4 }'` +BOGON_V6_MD5=`/usr/bin/fetch -q -o - "http://files.pfsense.org/mirrors/fullbogons-ipv6.txt.md5" | awk '{ print $4 }'` +ON_DISK_V6_MD5=`md5 /tmp/bogonsv6 | awk '{ print $4 }'` + +if [ "$BOGON_V4_MD5" = "$ON_DISK_V4_MD5" ] || [ "$BOGON_V6_MD5" = "$ON_DISK_V6_MD5" ]; then + # At least one of the downloaded MD5s matches, so mount RW + /etc/rc.conf_mount_rw +fi + +if [ "$BOGON_V4_MD5" = "$ON_DISK_V4_MD5" ]; then egrep -v "^192.168.0.0/16|^172.16.0.0/12|^10.0.0.0/8" /tmp/bogons > /etc/bogons - /etc/rc.conf_mount_ro RESULT=`/sbin/pfctl -t bogons -T replace -f /etc/bogons 2>&1` rm /tmp/bogons - echo "Bogons file downloaded: $RESULT" | logger + echo "Bogons V4 file downloaded: $RESULT" | logger else echo "Could not download http://files.pfsense.org/mirrors/bogon-bn-nonagg.txt.md5 (md5 mismatch)" | logger - # Relaunch and sleep - sh /etc/rc.update_bogons.sh & + md5_error="true" fi -BOGON_MD5=`/usr/bin/fetch -q -o - "http://files.pfsense.org/mirrors/fullbogons-ipv6.txt.md5" | awk '{ print $4 }'` -ON_DISK_MD5=`md5 /tmp/bogonsv6 | awk '{ print $4 }'` -if [ "$BOGON_MD5" = "$ON_DISK_MD5" ]; then +if [ "$BOGON_V6_MD5" = "$ON_DISK_V6_MD5" ]; then egrep -v "^#" /tmp/bogonsv6 > /etc/bogonsv6 - /etc/rc.conf_mount_ro RESULT=`/sbin/pfctl -t bogonsv6 -T replace -f /etc/bogonsv6 2>&1` rm /tmp/bogonsv6 - echo "Bogons files downloaded: $RESULT" | logger + echo "Bogons V6 file downloaded: $RESULT" | logger else echo "Could not download http://files.pfsense.org/mirrors/fullbogons-ipv6.txt.md5 (md5 mismatch)" | logger + md5_error="true" +fi + +if [ 
"$BOGON_V4_MD5" = "$ON_DISK_V4_MD5" ] || [ "$BOGON_V6_MD5" = "$ON_DISK_V6_MD5" ]; then + # We mounted RW, so switch back to RO + /etc/rc.conf_mount_ro +fi + +if [ "$md5_error" != "" ];then # Relaunch and sleep - sh /etc/rc.update_bogons.sh & + sh /etc/rc.update_bogons.sh & + exit fi echo "rc.update_bogons.sh is ending the update cycle." | logger - |
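Review bot: The added `if [ "$BOGON_V4_MD5" = "$ON_DISK_V4_MD5" ]` test and its V6 twin only detect a damaged download, because each checksum is fetched over the same plain-HTTP channel as the list it vouches for; a party able to alter the responses can supply a matching pair, and the result is then loaded into the pf `bogons` and `bogonsv6` tables. The comparison would also succeed if both sides came back empty, so it is safer to require a value, e.g. `[ -n "$BOGON_V4_MD5" ] && [ "$BOGON_V4_MD5" = "$ON_DISK_V4_MD5" ]`. Authenticity needs a check that does not share the download's channel, such as a signature verified against a key already on the firewall; whether the mirror publishes one is not visible here. Setting a flag such as `mounted_rw="true"` next to the `/etc/rc.conf_mount_rw` call and testing it before `/etc/rc.conf_mount_ro` would keep the pair matched without repeating the compound condition. On a mismatch the stale `/tmp/bogons` and `/tmp/bogonsv6` files are left in place before the relaunch, and the relaunch itself has no retry limit.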